Upstash Legal & Security Documents
- Upstash Terms of Service
- Upstash Data Processing Agreement
- Upstash Technical and Organizational Security Measures
- Upstash Subcontractors
Is Upstash SOC2 Compliant?
Upstash applies the controls listed under SOC2 compliance and in the process of SOC2 certification. Contact us (firstname.lastname@example.org) to learn about the expected certification date.
Is Upstash ISO-27001 Compliant?
We are in process of getting this certification. Contact us (email@example.com) to learn about the expected date.
Is Upstash GDPR Compliant?
Is Upstash HIPAA Compliant?
Upstash is currently not HIPAA compliant. Contact us (firstname.lastname@example.org) if HIPAA is important for you and we can share more details.
Is Upstash PCI Compliant?
Upstash does not store personal credit card information. We use Stripe for payment processing. Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.
Does Upstash conduct vulnerability scanning and penetration tests?
Yes, we use third party tools and work with pen testers. We share the results with Enterprise customers. Contact us (email@example.com) for more information.
Does Upstash take backups?
Yes, we take regular snapshots of the data cluster to the AWS S3 platform.
Does Upstash encrypt data?
Customers can enable TLS while creating database/cluster, and we recommend it for production databases/clusters. Also we encrypt data at rest at request of customers.